The Hacker News — Cyber Security, Hacking, Technology News

At this year's annual developer conference (WWDC), Apple announced that it had paid out $70 billion to developers over the App Store's lifetime, $21 billion of it in the past year alone.

But has all this money gone to the legitimate app developers?

Probably not. App developer Johnny Lin analyzed the App Store last week and found that a number of its top-grossing apps are essentially fake, earning their makers hundreds of thousands of dollars through in-app purchases and subscriptions.

Scammers Use 'Search Ads' Platform to Boost App Ranking

Shady developers are abusing Apple's relatively new and immature App Store Search Ads platform, launched at last year's Worldwide Developers Conference (WWDC), to promote their apps in the store with a few strategically chosen search ads and a bit of SEO.

"They're taking advantage of the fact that there's no filtering or approval process for ads, and that ads look almost indistinguishable from real results, and some ads take up the entire search result's first page," Lin wrote in his lengthy Medium post.

"I dug deeper to find that unfortunately, these aren't isolated incidents, they're fairly common in the app store's top grossing lists. And this isn't just happening with security related keywords. It seems like scammers are bidding on many other keywords."

Watch Out: Don't Fall for Fake Apple In-App Subscriptions

One of the top-earning apps Lin found, "Mobile Protection: Clean & Security VPN", tricked users into signing up for a $99.99-per-week subscription to a worthless service simply by resting their thumb on the Touch ID sensor.

According to Lin, this app alone was earning its developer an estimated $80,000 per month, based on data from the marketing firm Sensor Tower.

Riddled with spelling and grammatical errors and propped up by fake reviews, "Mobile Protection: Clean & Security VPN" claimed to be a virus scanner, prompting users to "Instantly use full of smart anti-virus" by offering them a "FREE TRIAL."

But as soon as a victim tapped the free trial, a Touch ID prompt appeared that read:

"Use Touch ID to start your free trial to Full Virus, Malware Scanner? You will pay $99.99 for a 7-day subscription starting June 9, 2017."

Users who reached the Touch ID prompt expecting a free trial could authorize the purchase with a single accidental touch of the sensor, netting the developer roughly $400 per month from just one victim.

At that rate the developer needed only 200 people to be tricked into paying for the junk service to earn $80,000 per month, or $960,000 a year, by Lin's calculations.

Apple has removed this app and several others Lin highlighted in his post, but the App Store still carries plenty of shady apps that use in-app purchases and misleading descriptions to trick users into spending large sums on garbage.

Affected? Here's How to Cancel App Subscriptions

If you have downloaded one of the apps in question and paid for an expensive subscription, you can cancel all future payments as follows:

Open the Subscriptions list for your Apple ID in the iOS Settings app (under your Apple ID's account details), tap the subscription you want to cancel, and tap Confirm.

Your access continues until the end of the current billing period, after which you will not be charged again.

Lin also provided a long list of recommendations for Apple to make the App Store safer for users, including a clearer Touch ID purchase prompt for subscriptions, stricter review of subscription apps, easier cancellation of subscriptions, fraud- and abuse-resistant Search Ads, and removing scams and refunding their victims.

Chinese authorities have announced the arrest of 22 people working for Apple distributors and contractors, as part of an operation worth an estimated $7 million, who allegedly stole customers' personal information from an internal Apple database and sold it to Chinese black market vendors.

According to Chinese media reports, the underground network consisted of employees of direct Apple suppliers and outsourcing firms in Zhejiang, a province in eastern China.

These employees had access to Apple databases and other internal tools containing sensitive customer information.

They allegedly used their companies' internal computer systems to gather data, including usernames, email addresses, phone numbers and Apple IDs, and then sold it on the underground market for between 10 yuan ($1.47) and 80 yuan ($11.78) per record.

In total, the network is said to have made 50 million yuan (around $7.36 million). It is unclear whether the data sold belonged only to Chinese Apple users or to users elsewhere as well.

Chinese authorities have released few details about the arrests so far, though the police statement indicates that officers in four provinces, Guangdong, Jiangsu, Zhejiang and Fujian, arrested the 22 suspects over the weekend following several months of investigation.

Police dismantled the group's online network, seized its "criminal tools", and announced on Thursday that the suspects had been "detained on suspicion of infringing individuals' privacy and illegally obtaining their digital personal information."

Wondering how this data theft can affect you?

Your personal data is profitable both for marketing companies, which use it to deliver targeted advertising, and for criminals, who use it for phishing attacks and other email and phone scams.

Police say the network has been dismantled, but records that were already sold may still be in circulation, so be wary of email attachments, links in messages from unknown numbers, and requests for personal details over the phone.

According to ad-fraud detection firm White Ops, the cybercriminal gang, dubbed AFT13, developed the Methbot "robo-browser", which spoofs every interaction needed to initiate, carry out and complete an ad transaction.

The hackers, allegedly based in Russia, registered more than 6,000 domains and 250,267 distinct URLs impersonating high-profile brands and sites such as ESPN, Vogue, CBS Sports, Fox News and the Huffington Post, and sold fake video ad slots on them.

The criminals behind Methbot use servers hosted in Texas and Amsterdam to run more than 570,000 bots on forged IP addresses, most of them registered to the United States, so that the ads appear to be viewed by US visitors.

They then acquire video-ad inventory for their fake media sites at premium rates and fool the ad marketplace into believing the ads are being watched by genuine visitors.

In reality the ads are "watched" by Methbot's fake viewers: automated software that mimics a user watching an ad.

To make the bots look real, the gang uses faked clicks, social network login data and simulated mouse movements.

White Ops found that the bot army watched as many as 300 million ads per day, at an average payout of $13.04 per 1,000 faked views.

Multiplied across more than 570,000 forged IP addresses, the money adds up quickly.

The company estimates that Methbot creates between 200 million and 300 million fraudulent video ad impressions per day, targets roughly 6,000 publishers and generates between $3 million and $5 million in revenue every 24 hours.

White Ops first noticed Methbot activity in September last year, but the campaign grew dramatically in October 2016.

The operation uses data centers in Dallas and Amsterdam. While that alone does not prove the operators are Russian, White Ops believes the group is based in Russia.

White Ops has notified the FBI about the scam and has been working with federal law enforcement for weeks now.

Yes, you read that right. If I tell you not to visit my website and you visit it anyway, knowing you have been told not to, you may be committing a federal crime, and I could sue you.

Don't worry, I haven't banned you. I am just making you aware of a new court decision that may trouble you and could have big implications going forward.

The United States Court of Appeals for the Ninth Circuit has issued a significant decision on the Computer Fraud and Abuse Act (CFAA): companies can seek civil and criminal penalties against people who keep accessing their websites after permission has been explicitly revoked.

Even Sharing Password is also a Federal Crime...

Yes, a similarly troubling decision came last week, when the Ninth Circuit ruled that sharing passwords can be a CFAA violation, potentially making millions of people who share their passwords "unwitting federal criminals."

Now, you might be wondering how visiting a publicly open website could be a crime. There is a legal battle behind it:

CASE: Facebook v. Power Ventures

The case involves a start-up called Power Ventures, which let users log in to and manage all of their social network accounts from one place. Power claimed on its site that the "First 100 people who bring 100 new friends to Power.com win $100."

When a user clicked the link, Power used a service that fetched all of the user's contacts from their social media accounts and sent a series of promotional emails and internal Facebook messages inviting those friends to sign up on Power.com.

On discovering the activity, Facebook blocked Power's access to its site and its users' data, and sent the company a cease-and-desist letter telling it to stop.

"Facebook does allow third parties to access content by enrolling in the site's Facebook Connect program, but Power never registered with the system and conducted activities beyond the program’s scope," says Orin Kerr, Professor of law at the George Washington University Law School.

The cease-and-desist letter stated that Power was violating Facebook's terms of use and may have been violating federal and state law.

Even after being explicitly warned to stop, Power continued to use Facebook's website, which led Facebook to sue Power Ventures in 2008 for violating the Computer Fraud and Abuse Act (CFAA).

In September 2013, a federal district court ordered Power to pay more than $3 million in damages to Facebook on the ground that Power had violated the CFAA.

Power appealed to the Ninth Circuit, which has now also sided with Facebook.

I'm not convinced. The ruling is far too broad and gives prosecutors too much power to turn everyday activities, such as sharing a password or visiting a website, into federal crimes.

Major tech companies including Google, Facebook and Yahoo! have joined forces to launch a new program to block fake web traffic by blacklisting flagged IP addresses.

Today, the majority of traffic originating from data centers is non-human or otherwise illegitimate, so to fight this the Trustworthy Accountability Group (TAG) has announced a program that will tap Google's internal data-center blacklist to filter out bots.

The pilot program will reject traffic from bots by checking requests against that blacklist, cutting a significant portion of the ad traffic that comes from within data centers, said Google product manager Vegard Johnsen.

Google and other big tech firms maintain blacklists of suspicious IP addresses belonging to machines in data centers that appear to be generating fake ad impressions or clicks. Google's DoubleClick blacklist alone blocked some 8.9% of data-center traffic in May.
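The filtering step described above, as an added example that is not Google's or TAG's code: a blocklist of CIDR ranges is loaded once, each ad request's client address is checked against it, and requests from listed ranges (or with an unparseable address) are rejected, with per-range hit counts kept so the list's maintainer gets feedback. The CIDR ranges, the log format ("timestamp client_ip path") and the log lines are all constructed for illustration; a real data-center blacklist is far larger.

```python
"""Data-center IP blocklist filter for ad requests (added example).

Assumptions (not from the article): a blocklist of CIDR ranges, and a
constructed log format "<timestamp> <client_ip> <ad_request_path>".
Real blocklists (Google's, TAG's) are far larger and are not reproduced here.
"""
import ipaddress
from collections import Counter

# Constructed blocklist standing in for data-center address space.
BLOCKLIST_CIDRS = [
    "192.0.2.0/24",
    "198.51.100.0/25",
    "2001:db8:ff00::/40",
]

# Constructed ad-request log lines; not real traffic.
SAMPLE_LOG = """\
2015-10-15T10:01:02Z 203.0.113.7 /ad?slot=top&pub=1001
2015-10-15T10:01:03Z 192.0.2.44 /ad?slot=top&pub=1001
2015-10-15T10:01:03Z 192.0.2.45 /ad?slot=side&pub=1001
2015-10-15T10:01:04Z 198.51.100.200 /ad?slot=top&pub=2002
2015-10-15T10:01:05Z 198.51.100.9 /ad?slot=top&pub=2002
2015-10-15T10:01:06Z 2001:db8:ff12::1 /ad?slot=video&pub=3003
2015-10-15T10:01:07Z not-an-ip /ad?slot=video&pub=3003
2015-10-15T10:01:08Z 203.0.113.8 /ad?slot=video&pub=3003
"""


def load_blocklist(cidrs):
    """Parse CIDR strings into network objects; malformed entries are skipped
    rather than silently widening or narrowing the list."""
    nets = []
    for cidr in cidrs:
        try:
            nets.append(ipaddress.ip_network(cidr, strict=False))
        except ValueError:
            continue
    return nets


def matching_network(ip, nets):
    """Return the first blocklisted network containing ip, or None."""
    for net in nets:
        if ip.version == net.version and ip in net:
            return net
    return None


def filter_ad_requests(log_text, nets):
    """Split ad-request log lines into allowed and rejected.

    A request is rejected when its client address falls inside a blocklisted
    range, or when the address does not parse at all (a real viewer always
    has a valid source address). Returns (allowed, rejected, hits) where hits
    counts rejections per blocklist entry.
    """
    allowed, rejected = [], []
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed log line; ignore
        _ts, ip_text, _path = parts
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            rejected.append(line)
            hits["unparseable"] += 1
            continue
        net = matching_network(ip, nets)
        if net is None:
            allowed.append(line)
        else:
            rejected.append(line)
            hits[str(net)] += 1
    return allowed, rejected, hits


def rejected_fraction(allowed, rejected):
    """Share of requests dropped, the kind of figure Google quotes (8.9% in May)."""
    total = len(allowed) + len(rejected)
    return len(rejected) / total if total else 0.0


if __name__ == "__main__":
    nets = load_blocklist(BLOCKLIST_CIDRS)
    ok, bad, hits = filter_ad_requests(SAMPLE_LOG, nets)
    print(f"allowed={len(ok)} rejected={len(bad)} "
          f"fraction={rejected_fraction(ok, bad):.3f}")
    for net, n in hits.most_common():
        print(f"  {net}: {n}")
```

On the constructed log, the address 198.51.100.200 is allowed because the entry is a /25 covering only .0 to .127: a blocklist filter is only as precise as its prefixes, which is why pooling lists across companies, as TAG proposes, matters more than any single list.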

Facebook and Yahoo to Contribute

Apart from Google, TAG's new program will draw on other industry players, including Facebook, Yahoo, Dstillery, MediaMath, Quantcast, Rubicon Project and TubeMogul, who will contribute their own internal data-center blacklists.

"By pooling our collective efforts and working with industry bodies, we can create strong defenses against those looking to take advantage of our ecosystem," Johnsen said in a blog post. "We look forward to working with the TAG Anti-fraud working group to turn this pilot program into an industry-wide tool."

Click fraud has become a major problem for advertisers, as it siphons off ad budgets and undermines confidence in online campaigns.

Fraudsters are making Millions

Some publishers even run specialised tools in data centers that generate fraudulent ad impressions to inflate their click counts. Two such tools are:

UrlSpirit

HitLeap

UrlSpirit is software that operates as a form of botnet: a list of target URLs is distributed to Internet Explorer (IE) instances running on the data-center machines that host UrlSpirit, which then request those pages along with the ads on them.

Google found nearly 6,500 installations of UrlSpirit generating 500 million fake ad requests, an average of 2,500 ad requests per installation per day.

HitLeap is another such tool; it uses the Chromium Embedded Framework rather than Internet Explorer.

HitLeap is the larger source of fraudulent traffic, with a network of about 4,800 installations, 16% of which run in data centers.

"This program is another piece of the interlocking set of solutions TAG is building to fight fraud across the entire ecosystem," says Mike Zaneis, TAG's chief executive. "The industry is galvanizing its efforts and we will win the war against fraud."

TAG will soon release a set of principles for public comment, which will then be incorporated into the final program. The ad-fraud filtering tool is expected to be available by the end of 2015.

With the FIFA World Cup under way in Brazil, football fever is spreading across the world. Football (soccer) is the most popular sport on the planet, with billions of fans who would not miss a single match.

This is an eagerly awaited time for football fans, and for cybercriminals too: the World Cup is a perfect opportunity to scam people online.

While you are busy looking for websites that stream the matches live so you do not miss a moment, criminals are busy launching phishing campaigns, scams and malware aimed at infecting your system with Trojans and viruses.

This is not surprising; criminals have learned to exploit every major news story and current event that captures users' interest.

The most common threat this World Cup is phishing. You may see links in emails and on social networks offering attractive World Cup content such as free tickets, merchandise, news, highlights footage, online streams and videos of footballers behaving badly.

Once clicked, the links redirect victims to malicious websites that trick them into revealing private information or installing malware, putting their computers at risk of infection and their identities at risk of theft.

Researchers at security software maker Symantec have identified several email scams and expect to see the same scams targeting football fans on social networks in the coming days.

#1 FREE TICKETS TO WORLD CUP

The most common scam offers free tickets to the 2014 World Cup. In this football-fevered atmosphere everyone would like a free pass to the tournament in Brazil, and an all-expenses-paid trip would be a dream come true for any fan.

Symantec identified several such emails carrying a malicious zip file containing an executable. Once run, it lets the attackers take over the computer with Trojans and remote administration tools.

#2 NEWS AND HIGHLIGHTS OF WORLD CUP TEAMS AND PLAYERS

Besides free tickets, news and highlights about World Cup teams and players are also used to lure users into opening malicious attachments or clicking malicious links.

Researchers found emails circulating about Neymar da Silva Santos Júnior, the young star of the Brazilian national team. The emails carry a malicious Word document that could exploit a known vulnerability in Microsoft Word.

#3 FREE ONLINE STREAMS OF FIFA WORLD CUP MATCHES

Once the World Cup begins, criminals target users with emails and social network posts claiming to offer free live streams of matches. Before you can "unlock" the stream, you are asked to fill out a survey or download and install software, both designed to make money at your expense.

HOW TO PROTECT FROM WORLD CUP SCAMS

If you are offered a link to free World Cup tickets, treat it as a scam: free stuff is never really free.

If you want to watch a match live, check with your local broadcasters or service providers to see where and when you can legitimately watch World Cup games online.

Sheep Marketplace, one of the leading anonymous drug-selling sites to rise after U.S. prosecutors shut down Silk Road, has gone offline, claiming it was robbed of $6 million worth of bitcoins.

Like Silk Road, Sheep Marketplace was a deep web site accessible via the Tor network, and it quickly grew into a replacement for other popular underground bazaars.

Weeks ago, the administrator of Sheep Marketplace announced that withdrawals from the site's online wallet would be closed for a few hours while a new feature was implemented; deposits, however, were still allowed.

Recently, the market's administration left a short message for users, which reads:

We are sorry to say, but we were robbed on Saturday 11/21/2013 by vendor EBOOK101. This vendor found a bug in the system and stole 5400 BTC – your money, our provisions, all was stolen. We were trying to resolve this problem, but we were not successful. We are sorry for your problems and inconvenience; all of the current BTC will be distributed to users who have filled in a correct BTC emergency address. I would like to thank all SheepMarketplace moderators who were helping with this problem. I am very sorry for this situation. Thank you all.

The note suggests that a vendor on the site found a bug and stole thousands of bitcoins. Over the following ten days, however, users reported that they were unable to withdraw their remaining coins, and over the weekend the site was shut down.

It now appears that the entire site was an exit scam, with buyers and sellers alike losing their money. In total, Sheep Marketplace's operator appears to have walked away with some 39,918 bitcoins, currently worth more than $40 million.

Blockchain, a website that tracks bitcoin transactions, has traced the movement of 39,918 bitcoins, believed to be the exact amount held by Sheep Marketplace, along with IP addresses associated with the site.

Before the forum was taken down, one of its moderators posted:

The fucking admin has disappeared. All people thinking we fucking mods in on it and we had no idea. We have no access to anything at all. All we can do is ban users and delete forum posts. We also lost everything. Invested so fucking much. No job, no security, now in fucking huge debt all because of “honest” promise of pay. I still have some kind of hope, but it’s running out fast. I really really fucking hope this is just life problems for the admin team, but I have no idea. Thanks man for your support. This is a total fucking disaster though by the looks of it. I’m so fucking sorry for everything I’ve said in the past. I got scammed just like every other fucking person. Scared for my fucking life now people trying to fucking dox us because they think we’re in on it. Fucked up man fucked up.

So another major bitcoin black market is gone, along with its users' money. But if Sheep Marketplace somehow comes back, I will definitely let you know!

Spammers have leveraged the popularity of Harry Potter star Emma Watson in a Facebook scam that offers a supposed sex tape of the actress via a malicious link, which actually spreads the same link and pornographic images across infected users' profiles.

This is not the first time Emma Watson has been used as bait in a scam, and it surely will not be the last. The worm hits Facebook profiles and groups with posts containing the malicious link and tags other users in the same post.

The spammers abuse Google Translate and URL shortening services to keep their links from being blocked by Facebook's automated malware scanner: the posted link points at a trusted domain, and only after redirection does the victim reach the scam page. Clicking the link takes the user to a web page asking for "Age Verification".
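A scanner that only checks the host of the posted URL is exactly what this trick defeats. The following is an added example, not code from the article or from Facebook, of the unwrapping a link scanner needs: it peels Google Translate proxy wrappers off a URL and classifies the real destination, flagging URL shorteners that must be expanded online before a verdict can be given. It assumes that the wrapped target travels in the `u` query parameter of a `translate.google.<tld>/translate` link; the shortener list, the blocked hosts and the sample links are all constructed for illustration.

```python
"""Unwrap Google Translate proxy links and flag URL-shortener hops (added example).

Assumption (not from the article): the wrapped target is carried in the ``u``
query parameter of translate.google.<tld>/translate. The host lists and the
sample links below are constructed for illustration.
"""
from urllib.parse import urlsplit, parse_qs

# Constructed lists; a real scanner would use its own threat intelligence.
SHORTENER_HOSTS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly", "is.gd"}
BLOCKED_HOSTS = {"scam.example", "malware-host.example"}


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def _is_translate_proxy(url):
    """True for translate.google.<tld>/translate?...&u=<target> style links."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host.startswith("translate.google.") and parts.path.rstrip("/") == "/translate"


def unwrap_translate(url, max_depth=5):
    """Peel Google Translate wrappers off a URL.

    Returns (inner_url, layers_removed). Stops at max_depth so a chain of
    wrappers pointing at each other cannot loop forever.
    """
    current, layers = url, 0
    while layers < max_depth and _is_translate_proxy(current):
        target = parse_qs(urlsplit(current).query).get("u")
        if not target or not target[0]:
            break  # wrapper with no target: nothing more to unwrap
        current, layers = target[0], layers + 1
    return current, layers


def classify_link(url):
    """Classify a posted link for a scanner that would otherwise see only the outer URL.

    verdict: 'blocked'   - final host is on the blocklist
             'shortener' - final host is a URL shortener; expand it online before deciding
             'ok'        - nothing suspicious found offline
    wrapped: True when a translate proxy layer was present, itself a signal
             worth logging, since legitimate posts rarely proxy their links.
    """
    final, layers = unwrap_translate(url)
    host = _host(final)
    if host in BLOCKED_HOSTS:
        verdict = "blocked"
    elif host in SHORTENER_HOSTS:
        verdict = "shortener"
    else:
        verdict = "ok"
    return {"final": final, "verdict": verdict, "wrapped": layers > 0}


# Constructed sample posts, not real scam URLs.
SAMPLE_LINKS = [
    "http://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fscam.example%2Fvideo.php",
    "https://translate.google.co.uk/translate?hl=en&u=http%3A%2F%2Fbit.ly%2Fabc123",
    "https://www.example.com/news/emma-watson-interview",
    "http://translate.google.com/translate?hl=en",  # wrapper with no target
]


def scan(links):
    """Classify every link; returns a dict keyed by the original URL."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, result in scan(SAMPLE_LINKS).items():
        print(result["verdict"], result["wrapped"], result["final"])
```

The second sample shows why the two evasions are combined: even after the Translate wrapper is removed, the destination is still a shortener, so the scanner must follow the redirect (which cannot be done offline) before it can match the final host against a blocklist.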

The page asks the user to follow several steps before offering the video. Step one asks them to click a link, which is used in steps two and three to generate an "activation code". Once the user clicks "Activate", they are redirected to another page and their Facebook session is logged out automatically.

In the meantime, the scam posts the same Emma Watson bait on the victim's wall, tagging 12 to 15 friends in the comments. The new post offers the same video and steps to those friends, and the cycle repeats.

Update: The people running this scam are earning large sums from advertising networks. AlterVista Hosting, where the criminals hosted the script on the subdomain "nglscripts4", has now removed it for violating its terms of service.

Never click on a link that appears on your Facebook page with content like this, even if it comes from someone you know.

Cybercriminals become hyperactive during festivals, and Diwali is no exception. Shantanu Ghosh, Vice-President and Managing Director (India Product Operations) at security company Symantec, has observed malware authors and spammers using Diwali, the festival of lights celebrated primarily in the Indian subcontinent and by communities worldwide, as the latest event to lure unsuspecting users into downloading malware, buying products and falling for scams.

Ghosh said cybercriminals attempt to "poison" search engine results to take advantage of the surge in search activity around popular events. "We have observed that cyber attackers are using various techniques to make the most of Diwali," he warned.

Attackers use social engineering to lure users into purchasing from or registering on unknown websites, exposing personal information to scammers.

"Before giving in to the temptation of clicking on a link in an email, check whether it is an unsolicited email offer and whether the website is authentic. You can safely ignore such mails that ask for unnecessary personal information such as passwords or PIN numbers," he said.

The growing popularity of microblogging sites like Twitter has sparked a corresponding rise in social networking scams. If you receive an email or a direct message (DM) on Twitter saying "Hello, You have been selected to be the Twitter user for the month! We've got a reward for you text this word ITweet to the following number 6 8 3 9 8", do not reply.

Mary C. Long noticed this scam and posted a quick warning on her blog. Those who text the number provided are handing their phone numbers to the crooks, who can use them for smishing attacks and all sorts of other malicious schemes, as Eduard Kovacs of Softpedia explains.

Here is a short list of the most common Twitter and Facebook scam messages. If any of these sounds familiar, ignore the message:

i got mine yesterday

you even see them taping u him

what on earth you’re doing on this movie

O M G your in this

what on earth could you be doing in our vid

what are you doing in this viddeoo

rofl they was taping you

u didn’t seee them tapping u

how did you not see them taping u

lol they taped your

whatt are you doing in this fb vid ?

If you receive a phishing DM on Twitter, report it directly to Twitter.

A quick and urgent warning for Twitter users: if you receive a direct message (DM) saying "My profile was viewed..times..today" with a link, do not click it. If you do, you risk having your Twitter account hijacked and turned into a spam-spewing tweet factory, and every one of your followers will receive a personal copy of the same DM.

The direct message is a scam aimed at stealing your Twitter account. If the scheme sounds familiar, it is because this scam and others like it have been circulating for some time, for one reason: they are highly effective. The wording of the DMs changes periodically, but the goal of stealing your Twitter username and password stays the same.

We recommend that you:

DO NOT click the link.

DELETE the message.

REVIEW all the applications you have authorised in your Twitter account settings, and revoke any you do not recognise.
